NetIQ Access Manager 3.2 integration




KeyShield SSO NetIQ Access Manager 3.2 integration system integrator documentation ver. 1.0.1 (21. Mar. 2014) Na Pankráci 54, Praha 4

Introduction

KeyShield SSO authenticates not only a browser session but the user's device as a whole. All widely used platforms are supported; visit http://www.keyshieldsso.com/clients-authentication for detailed information.

Once the NAM is connected to KeyShield SSO, no further browser session authentication is required. This is perfect for all desktop users who authenticate every morning to eDirectory or Active Directory. Mobile users can profit from KeyShield SSO integration as well, because they don't need to type their username and password on the touch screen keyboard. On an iOS device, for example, the username and password can be stored in the so-called keychain. Then they can start the KeyShield SSO client and start using the browser. That's it.

Installation steps

1. Install integration module

First of all, you need a configured and running NAM with at least one LDAP user source. See the screenshot below for reference. In this case we have 2 different user sources (LDAP directories).

The integration package consists of a few libraries, which have to be installed into the NAM LIB directory on the NAM server. We provide a convenient installation script, inst_kshield-netiq_1.0.1.bin, which is available for download at www.keyshieldsso.com/downloads. This script makes NO changes to NAM; it just stores the required libraries in the LIB directory and sets the necessary access rights on them.

Once you are done with the library installation, you can start configuring SSO authentication for NAM.

List of 2 configured user stores:

2. Define authentication class

Please note: For a detailed description, refer to the Identity Server Guide, section 3.2 Creating Authentication Classes.

You need to create a new Authentication Class first. Use whatever Display Name you prefer; an easy and descriptive one is recommended. The Java class property value must be set to Other and the Java class path to cz.tdp.kshield.integration.kshieldclass (see the screen shot below).

Click Next to go to the properties page. Here you must add at least a kshieldurl property. Its value has to be a complete link to your KeyShield SSO server, for example http://172.22.78.101:8485, or https://172.22.78.101:8486 for an SSL connection (not required inside the server room).

If you need to use more than one user store, or the KeyShield SSO server is using more than one LDAP source, you have to map them to each other. Each store has to be mapped by a separate property. The name of the property is constructed as user_store_name.connectorid. The value of the property has to be the respective KeyShield SSO server connector name (visit the configuration page of the KeyShield SSO web management console for a list of connectors and their names).

If the user is not authenticated to the KeyShield SSO server, SSO authentication fails. Control is then passed to the PasswordClass authentication class by default. If you need to fall back to a different class, you can define a fallbackclass property. Its value is the name of an existing authentication Java class (e.g. PasswordClass, BasicClass, ProtectedPasswordClass), which is used if the SSO authentication fails.

Now confirm creation of the new authentication class; it then appears in the list (see the screen shot below).
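Added example, not part of the KeyShield documentation: a Python check of the property set described in step 2 (kshieldurl, the per-store connectorid mappings, fallbackclass) that can be run before the values are typed into NAM. The function name, the store names and the connector name are hypothetical, and the sample input is constructed.

```python
from urllib.parse import urlsplit

DEFAULT_FALLBACK = "PasswordClass"  # the guide's default when fallbackclass is unset
SUFFIX = ".connectorid"

def check_kshield_properties(props, user_stores):
    """Check the properties typed for the KeyShield SSO authentication class.

    props: dict of property name -> value; user_stores: NAM user store names.
    Returns (errors, warnings, effective_fallback_class).
    """
    errors, warnings = [], []

    url = props.get("kshieldurl", "").strip()
    parts = urlsplit(url)
    if not url:
        errors.append("kshieldurl is missing")
    elif parts.scheme not in ("http", "https") or not parts.hostname:
        errors.append(f"kshieldurl is not a complete link: {url!r}")
    elif parts.scheme == "http":
        warnings.append("kshieldurl uses plain HTTP, so the SSO lookup is unencrypted")

    # With several user stores, each one needs its own <store>.connectorid property.
    # (The guide also requires mappings when the KeyShield server has several LDAP
    # sources; that cannot be seen from the NAM side and is not checked here.)
    if len(user_stores) > 1:
        for store in user_stores:
            if not props.get(store + SUFFIX, "").strip():
                errors.append(f"missing mapping property {store}{SUFFIX}")

    # A mapping whose prefix matches no user store is most likely a typo.
    for key in props:
        if key.endswith(SUFFIX) and key[: -len(SUFFIX)] not in user_stores:
            warnings.append(f"{key} does not match any user store")

    fallback = props.get("fallbackclass", "").strip() or DEFAULT_FALLBACK
    return errors, warnings, fallback

# Constructed sample: two stores, one mapping forgotten, plain-HTTP server link.
SAMPLE_STORES = ["eDir-Store", "AD-Store"]  # hypothetical store names
SAMPLE_PROPS = {
    "kshieldurl": "http://172.22.78.101:8485",
    "eDir-Store.connectorid": "EDIR",  # hypothetical connector name
}

if __name__ == "__main__":
    errs, warns, fb = check_kshield_properties(SAMPLE_PROPS, SAMPLE_STORES)
    for line in [f"ERROR: {e}" for e in errs] + [f"WARN: {w}" for w in warns]:
        print(line)
    print("fallback class:", fb)
```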

3. Define authentication method

Please note: For a detailed description, refer to the Identity Server Guide, section 3.3 Configuring Authentication Methods.

Now the new authentication method, an instance of the KeyShield SSO authentication class, has to be created. Make sure that the Identifies User option is checked (see the screen shot below). User stores must be selected here again.

Now confirm creation of the new authentication method; it then appears in the list (see the screen shot below).

4. Define authentication contract

Please note: For a detailed description, refer to the Identity Server Guide, section 3.4 Configuring Authentication Contracts.

A new Authentication Contract has to be created as well. This contract will use the KeyShield SSO authentication method. The URI attribute must be set too. The value is not used, but it must be unique within the NAM instance. It's recommended to use just /kshield.

For the Authentication contract to function properly, an authentication card must be configured, including a picture. Please use Customizable and its picture, or upload whatever you want.

Now confirm creation of the new authentication contract; it then appears in the list (see the screen shot below).

5. Specify authentication defaults

Please note: For a detailed description, refer to the Identity Server Guide, section 3.5 Specifying Authentication Defaults.

The SSO authentication must be used as the first authentication contract, otherwise the user will be asked for username and password, certificate, card, etc. Please refer to the screen shot below for a proper SSO configuration. The KeyShield SSO contract must be set as default.

Please note: if this SSO authentication fails (for example because the user is not authenticated to the KeyShield SSO server), control is passed to the fallback Authentication class configured as a property of the KeyShield SSO Authentication Class.

6. Restart Identity server

Now restart Identity Server to apply changes.

Now you can use the KeyShield SSO authentication with your NetIQ Access Manager.